LiteBox is a sandboxing library OS that drastically cuts down the interface to the host, thereby reducing attack surface. It focuses on easy interop of various "North" shims and "South" platforms. LiteBox is designed for usage in both kernel and non-kernel scenarios.
LiteBox exposes a Rust-y nix/rustix-inspired "North" interface when it is provided a Platform interface at its "South". These interfaces allow for a wide variety of use-cases, easily allowing for connection between any of the North--South pairs.
Example use cases include:
- Running unmodified Linux programs on Windows
- Sandboxing Linux applications on Linux
- Run programs on top of SEV SNP
- Running OP-TEE programs on Linux
- Running on LVBS
Reddit discussion: https://www.reddit.com/r/linux/comments/1qw4r71/microsofts_n...
Project lead James Morris announcing it on social.kernel.org: https://social.kernel.org/notice/B2xBkzWsBX0NerohSC
This might actually be my favourite use: I always thought WSL2 was a kludge, and WSL1 to be somewhat the fulfilment of the "personality modules" promise of Windows NT.
It was sad to see WSL2 taking the path of least resistance; that decision has always felt TPM driven ("we got unexpected success with WSL and people are asking for more, deliver xxx by Q4! No I don't care _how_ you do it!")
Edit! Memory unfuzzed: It was Workplace OS, https://en.wikipedia.org/wiki/Workplace_OS
I haven't used Copilot much, because people keep saying how bad it is, but generally if you add escape hatches like this without hard requirements of when the LLM can take them, they won't follow that rule in an intuitive way most of the time.
As agent, or writing everything for me, not yet.
This is how most unikernels work; the "OS" is linked directly into the application's address space and the "external interface" becomes either hardware access or hypercalls.
Wine is also arguably a form of "library OS," for example (although it goes deeper than the most strict definition by also re-implementing a lot of the userland libraries).
So for example with this project, you could take a Linux application's codebase, recompile it linked to LiteBox, and run it on SEV-SNP. Or take an OP-TEE TA, link it to LiteBox, and run it on Linux.
The notable thing here is that it tries to cut the interface in the middle down to an intermediate representation that's supposed to be sandbox-able - ie, instead of auditing and limiting hundreds of POSIX syscalls like you might with a traditional kernel capabilities system, you're supposed to be able to control access to just a few primitives that they're condensed down to in the middle.
If you have to recompile, you might as well choose to recompile to WASM+WASI. The sandboxing story here is excellent due to its web origins. I thought the point of LiteBox is that recompilation isn’t needed.
Honestly far less interesting to know I was wrong.
That's also what I thought this was, and came to the comments expecting to see something neat about why libraries might need bespoke operating systems.
Basically it lets your program run directly on a hypervisor VM, though this one will also run as a Linux/Windows/BSD process.
What is unclear is if it uses its own common ABI or if you use the one of the host OS. I don't know why, but from the project description I have a little bit of a feeling that this is another vibe coded project.
The "North" part seems to be what I think you'd traditionally think of as a library OS, and then the "South" part seems to be shims to use various userlands and TEEs as the host (rather than the bare hardware in your example).
I'm really confused by the complete lack of documentation and examples, though. I think the "runners" are the closest thing there is.
It sounds interesting and a step forward (never heard of library OS till now), but why won't this run into hundreds of the same security bugs that plague Windows if it's not spec'd and verified?
I'll play with this later today after work and see how mature it is and hopefully have something concrete and constructive to say. Hopefully others will, too.
"Microsoft bad, Linux good" kind of comments are all over the place. There are no more in-depth discussions about projects anymore. Add the people linking their blogs only to sell you their services for an imaginary problem, and you get HN 2026.
It's maybe the time to find another tech media. If you know one, I would be glad to know.
Is it similar to e.g. gVisor? Like would gVisor count as a library OS, too?
Consumers and businesses deserve better. It's crazy to me that in 2026 Notepad++ being compromised means as much potential damage as it does, still.
* Many of them are part of families of crates maintained by the same people (e.g. rust-crypto, windows, rand or regex).
* Most of them are popular crates I'm familiar with.
* Several are only needed to support old compiler versions and can be removed once the MSRV is raised
So it's not as bad as it looks at first glance.
If Microsoft states that they don't have any for a project like this, I would be wary of taking it too seriously.
grep 'name = ' ms-litebox-Cargo.lock | wc -l
238
edit: grep 'name = ' ms-litebox-Cargo.lock | sort -u | wc -l
221
-c, --count
prefix lines by the number of occurrences
That's the theory, but I don't know how far LiteBox is along to supporting that workflow.
> It focuses on easy interop of various "North" shims and "South" platforms.
For replacing Wine on Linux the "North" would be the kernel32 API or similar, the "South" would be the Linux syscall API.
However this is meant as a library, thus it requires linking the Windows program to it, and Wine is more than the system interface; it has all the GUI parts etc. of the Win32 API.
A library OS is an operating system design where traditional OS services are provided as application-linked libraries, rather than a single, shared kernel serving all the programs.
Use Linux or BSD and ignore that approach for Vendor Lock-in* into their “library OS”.
Individual engineers can be talented, professional, and end-user focused. Most of that effort gets lost when PMs refuse to work with each other in a coherent manner. Most of the major issues we ran into weren’t engineering bugs per se, they were the result of management refusing to allow teams to communicate effectively.
When we were first building out the original C# functionality, the C# team refused to talk to the existing compiler teams. I spent more time acting as a go-between than I did solving actual technical problems.
Good people can produce crappy software in that environment.
Teams, Office (especially online), OneDrive, SharePoint, Azure, GitHub, LinkedIn, all became very shitty and partially unusable with an increasing number of weird bugs or problems lately.
I haven't spoken to a Microsoft developer in a while because there are few in the hacker communities I'm around (go figure?) so not entirely sure though. I want to understand.
This. A while ago a build of Win 11 was shared/leaked that was tailored for the Chinese government called "Windows G" and it had all the ads, games, telemetry, anti-malware and other bullshit removed and it flew on 4GB RAM. So Microsoft CAN DO IT, if they actually want to, they just don't want to for users.
You can get something similar yourself at home running all the debloat tools out there, but since they're not officially supported, either you'll break future Windows updates, or the future Windows updates will break your setup, so it's not worth it.
In their intended applications, which might or might not be the ones you need.
The slowness of the filesystem that necessitated a whole custom caching layer in Git for Windows, or the slowness of process creation that necessitated adding “picoprocesses” to the kernel so that WSL1 would perform acceptably and still wasn’t enough for it to survive, those are entirely due to the kernel’s architecture.
It’s not necessarily a huge deal that NT makes a bad substrate for Unix, even if POSIX support has been in the product requirements since before Win32 was conceived. I agree with the MSR paper[1] on fork(), for instance. But for a Unix-head, the “good” in your statement comes with important caveats. The filesystem is in particular so slow that Windows users will unironically claim that Ripgrep is slow and build their own NTFS parsers to sell as the fix[2].
[1] https://lwn.net/Articles/785430/
[2] https://nitter.net/CharlieMQV/status/1972647630653227054
OP wasn't suggesting it was, just that the lack of quality in one significant area of the company's output leads to a lack of confidence in other products that they release.
Still, the fact that it's open source is a good thing. People can now take that code and make something better (ripping out the AI for example) or just use bits and pieces for their own totally unrelated projects. I can't see that as anything but a win. I have no problem giving shitty companies credit where it's due and they've done a good thing here.
That's a very unfair assessment. In many areas, Microsoft services and Windows are better protected than most alternatives (e.g., disk encryption, virtualization-based isolation,...), and security is taken pretty seriously for new products.
A comment like yours is just like saying: "I know a buggy open-source software, why would I trust that other open-source project? The open-source community burned all possible goodwill".
There is no CEO of open source, there are no open-source shareholders, there are no open-source quarterly earnings reports, there are no open-source P&G policies (with or without stack ranking), and so on.
There has to be a better way. I think Linux's flatpak is a reasonable approach here, although the execution might be rather poor. I want a basic set of trusted tools that I can do anything with, and run less trusted tools like GUI programs in sandboxes with limited filesystem access.
There is also sandboxing configuration via Intune for enterprises.
Linux excels over Windows in the area of security by a wide margin, I have no qualms about running an app on Linux versus Windows, any day of the week.
You can make a pretty reasonably secure Linux server by doing your homework, it's nowhere close to impossible. An extremely secure server also requires a bit of hardware homework. The Linux desktop, however, is woefully behind macOS and Windows in terms of security by a pretty large margin, and most of it is by design.
(In theory you can probably bolt a macOS-like system onto Linux using tools like SCM_RIGHTS/pidfds/code signatures, along with delegated privilege escalation, no setuid, signature-based policy mechanisms, etc. But there are a lot of cultural and software challenges to overcome to make it all widely usable.)
No, this is wrong, but it might be true if you are talking about a Linux package manager vs. a random Windows .exe on the internet. But if you are talking about Secure Boot, encrypted disk, sudo etc., Windows is more secure, but it looks like https://amutable.com/ will make Linux more secure like Windows.
Edit: Some insecure things on Linux: Dbus (kwallet etc.), sudo, fprint, "secure boot".
Windows at least has a proper ACL system; on Linux it just takes a single compromised executable to lose everything.
Microsoft has some clear ‘A’ teams (compilers, industry leading languages, F*, pioneering web tech, OS innovations, etc), but also ‘B’, ‘C’ and ‘D’ teams, and MS is often reactively chasing industry trends. They’re industry leaders, but also victims of their Office, Windows, and Cloud teams pooping on one another at critical market junctures.
In .Net land we can inspect their library code. A number of these ‘Enterprise’ packages around their ‘Enterprise’ solutions are … just passable. Often something you’d write a proper version of to avoid clear issues. When our juniors are delivering better than their official offerings, in light of wizardry being displayed elsewhere, I think we are seeing systematic effects of corporate culture and customer base.
Do you have any relation with the project apart from working at the same company?
It does sound hard, and might need to employ homomorphic encryption with hw help for any memory access after code has been also verifiably unaltered through (uncompromised) hw attestation.
grep 'name = ' ms-litebox-Cargo.lock | sort | uniq -c | grep -v '1 name' | sort -n
Package windows-sys has the highest number of versions included, 3: 0.59.0, 0.60.2, and 0.61.2.
Edit: Also, beware of the unsorted uniq count:
cat <<EOF | uniq -c
> a
> a
> b
> a
> a
> EOF
2 a
1 b
2 a
WFH, flood of Dev hiring, increasingly hostile worker relations, a bunch of web 2.0 folks finally retiring, VC money drying up...
take your pick.
Software is just crappy these days.
It just became more visible: testing _is_ expensive and time consuming.
/sarcasm
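Picking up the Cargo.lock dependency counts and the uniq -c ordering pitfall from the comments above, here is an added shell example (not from the LiteBox project) run against a small constructed lock file rather than LiteBox's real one: it counts entries and distinct crate names, lists crates pinned at more than one version, and shows why uniq must follow sort.

```shell
#!/bin/sh
# Constructed sample Cargo.lock for illustration only; it is not LiteBox's lock file.
# Only top-level "name = " / "version = " lines are matched: inside a [[package]]
# block the dependencies list is indented, so it never triggers the ^name pattern.
LOCK="${TMPDIR:-/tmp}/sample-Cargo.lock"
cat > "$LOCK" <<'EOF'
# This file is automatically @generated by Cargo.
version = 4

[[package]]
name = "rand"
version = "0.8.5"

[[package]]
name = "regex"
version = "1.10.4"

[[package]]
name = "windows-sys"
version = "0.59.0"

[[package]]
name = "windows-sys"
version = "0.60.2"

[[package]]
name = "windows-sys"
version = "0.61.2"

[[package]]
name = "windows-targets"
version = "0.52.6"
EOF

# Total [[package]] entries: one per (name, version) pair.
count_entries() { grep -c '^name = ' "$1"; }

# Distinct crate names. sort comes first because uniq/sort -u only merge adjacent lines.
count_unique() { grep '^name = ' "$1" | sort -u | wc -l | tr -d ' '; }

# Crates present at more than one version, printed as "name: v1 v2 ...".
# The first awk pairs each name with the version line that follows it in the same block;
# the second groups the sorted pairs by name and keeps only names with several versions.
multi_version() {
  awk -F'"' '/^name = "/{n=$2} /^version = "/{print n, $2}' "$1" \
    | sort \
    | awk '{c[$1]++; v[$1]=v[$1]" "$2} END{for (n in c) if (c[n]>1) print n ":" v[n]}' \
    | sort
}

# The pitfall from the thread: uniq -c on unsorted input splits one name into several counts.
uniq_unsorted() { printf 'a\na\nb\na\na\n' | uniq -c | awk '{printf "%s%s:%s", (NR>1?" ":""), $1, $2} END{print ""}'; }
uniq_sorted()   { printf 'a\na\nb\na\na\n' | sort | uniq -c | awk '{printf "%s%s:%s", (NR>1?" ":""), $1, $2} END{print ""}'; }

echo "entries: $(count_entries "$LOCK")"
echo "unique:  $(count_unique "$LOCK")"
echo "multiple versions:"
multi_version "$LOCK"
echo "uniq -c unsorted: $(uniq_unsorted)"
echo "uniq -c sorted:   $(uniq_sorted)"
```

Cargo.lock is TOML, so a TOML parser is the robust choice for anything beyond a quick count; the grep/awk approach works here only because Cargo always emits one `name`/`version` pair per block at column zero.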
> If you have to recompile, you might as well choose to recompile to WASM+WASI.
I disagree here; this ignores the entire swath of functionality that an OS or runtime provides? Like, just as an example, I can't "just recompile" my OP-TEE TA into WASM when it uses the KDF function from the OP-TEE runtime?
The hard part is having actual capabilities, and only WASI (which is much smaller than WASM) helps here, and it's not clear why it would be any better than other options, like LiteBox. Especially since wasm does have a small, but real overhead.
I use this feature often in Claude to bring specific files so that they are in context at all times. E.g. when working on a parser, I will often put the grammar to be always in context. Or if working on a web app, all the model types.
If even MS internal teams rather want to avoid it, it seems like it isn't a great offering. https://news.ycombinator.com/item?id=41085376#41086062
Remember, I said the _file system_ was just fine. It's that extensible architecture above all file systems on NT that causes grief.
The only method to 'turn off' Defender is to use DevDrive, which enforces ReFS, and even then you only get async Defender, it's not possible to completely disable.
The use case here was to use a KDF function from the TEE, and I assume it serves as an oracle where the actual key material cannot be revealed.
So no, they are absolutely not useless, they are just "single-shot" models of computation. Certain software fit that model very nicely (e.g. compilers), others less so.
> Example use cases include:
> * Running unmodified Linux programs on Windows
> * ...
That won't work if the unmodified Linux program assumes that mv replaces a file atomically; NTFS can't offer that.
You can read more if you wish in 'Inside the Windows NT File System' by Helen Custer, page 15.
Azure makes money, 50% of Windows computers are basically free and need to get you to sign up for a subscription somehow. The other 50% are Windows Pro/Enterprise, but MS assumes they'll get that money forever so doesn't put any resources into that. In 10 years the kids switching to Linux on desktop today will be in charge of the business deals and switch corporations to Linux because they're not scared of it like the current business IT leaders.
I know a few personally that left their stable job to be hired and fired in the same month and remain unemployed six months later. Very sad.
But there's another issue which is what cripples windows for dev! NTFS has a terrible design flaw which is the fact that small files, under 640 bytes, are stored in the MFT. The MFT ends up having serious lock contention so lots of small file changes are slow. This screws up anything Unixy and git horribly.
WSL1 was built on top of that problem which was one of the many reasons it was slow as molasses.
Also why ReFS and "dev drive" exist...
Ext4 also stores small (~150B) files inside the inode[1], and so do a number of other filesystems[2]? NTFS was unusually early to the party, but if you’re right that it’s problematic there then something else must also be wrong (perhaps with the locking?) to make it so.
[1] https://www.kernel.org/doc/html/latest/filesystems/ext4/inli...
[2] https://en.wikipedia.org/wiki/Comparison_of_file_systems#All..., the “Inline data” column.
Not true. There are increasingly more cases where Windows software, written with Windows in mind and only tested on Windows, performs better atop Wine.
Sure, there are interface incompatibilities that naturally create performance penalties, but a lot of stuff maps 1:1, and Windows was historically designed to support multiple user-space ABIs; Win32 calls are broken down into native kernel calls by kernel32, advapi32, etc., for example, similar to how libc works on Unix-like operating systems.
Also, as far as my (very limited) understanding goes, there are more architectural performance problems than just filters (and, to me, filters don’t necessarily sound like performance bankruptcy, provided the filter in question isn’t mandatory, un-removable Microsoft Defender). I seem to remember that path parsing is accomplished in NT by each handler chopping off the initial portion that it understands and passing the remaining suffix to the next one as an uninterpreted string (cf. COM monikers), unlike Unix where the slash-separated list is baked into the architecture, and the former design makes it much harder to have (what Unix calls) a “dentry cache” that would allow the kernel to look up meanings of popular names without going through the filesystem(s).
From there, it hits the MFT, finds the specific record for the file, loads the MFT record, and ultimately returns the FILE_OBJECT to the I/O Manager and it bubbles up the chain back to (presumably) Win32. The MFT is just a linear array of records, which include file and directories (directory records are just a record with directory = true, essentially).
Obviously simplified. Windows Internals will be your friend, if you want to know more.
https://github.com/Microsoft/WSL/issues/873#issuecomment-425...
https://www.windowscentral.com/software-apps/windows-11/leak...
So they are not incentivized to keep Win32_Lean_N_Mean, but instead to put up artificial limits on how old of hardware can run W11.
I have no insider knowledge here, just this is a thing which get talked about around major Windows releases historically.
This was most evident back in the 90s when they shipped NT4: extremely stable as opposed to Win95 which introduced the infamous BSOD. But it supported everything, and NT4 had HW support on par with Linux (i.e. almost nothing from the cheap vendors).
9x, me, and even compatibility parts of XP (up to some service patch IIRC? Might have been SP2) would still allow dos mode realtime BS for any driver that wanted.
I loathe all the dang software modems too cheap to ship a decent device in a single unit and instead slice off the user's already constrained resources.
Citation needed since that makes no logical sense. You want to sell your SW product to the most common denominator to increase your sales, not to a market of HW that people don't yet have. Sounds like FUD.
>but instead to put up artificial limits on how old of hardware can run W11
They're not artificial. POPCNT / SSE4.2 became a hard requirement starting with Windows 11 24H2 (2024) (but that's for older CPUs), and only Intel 8th gen and up have well functioning support for Virtualization-Based Security (VBS), HVCI (Hypervisor-protected Code Integrity), and MBEC (Mode-Based Execution Control). That's besides the TPM 2.0, which isn't actually a hard requirement or a feature used by everyone; the other ones are way more important.
So at which point do we consider HW-based security a necessity instead of an artificial limit? With the ever increase in vulnerabilities and attack vectors, you gotta rip the bandaid at some point.
What is missing here that was present when this same computer was running Windows 10?
A key difference between regular software and Windows is that almost nobody buys Windows, they get it pre-installed on a new PC. So a new PC purchase means a new Windows license.
Are they as important as stated? Microsoft says so. Everyone here loves and trusts them, right?
I'm running 11 IoT Ent LTSC on a T420; it runs pretty okay.
[1] https://www.kernel.org/doc/html/latest/filesystems/path-look...
[2] I was under the impression that it could look up an entire path at once when I wrote my grandparent comment; it seems I was wrong, which on reflection makes sense given you can move directories.
[3] https://www.kernel.org/doc/html/latest/filesystems/path-look...
Also worth tracking down a copy of the NT OS/2 Design Workbook on the web (another leak).
And Inside the Windows NT File System by Helen Custer is a very short book but describes the very early state of NTFS capabilities/functions.
Working for Microsoft doesn’t make them bad engineers or bad people, but it does make them Microsoft employees. And they get to bear its reputation whether they want to or not. If it makes them uncomfortable then they should make a change or grow thicker skin.
Oversaturation of the labor supply for software engineers has been looming for a while now. Gen Z was sold on infinite growth in the ZIRP era which was never going to happen, but everyone still jumped in. What we’re seeing is structural unemployment. Not everyone’s gonna make it.
If you do, I can't agree with you.
Also I wouldn't compare software development for a marketing company with a violent disagreeable effort. There's bad and there's worse, objectively.
Anyway, not saying you're wrong, but I'm not so quick to judge someone by a job that they probably hate.
Or to wrap 100,000 people in the same blanket. We're all individuals. No one should be judged by the actions of others.
Yeah, tech monopolist that enables genocide to contemporary gestapo isn’t an equal comparison. But my point was that you can’t ignore the moral hazards of employment by handwaving “gotta eat somehow”. There are a million ways to feed your kids. Saying you have to work a high paid job to feed them non-GMO certified organic produce from Erewhon because that’s the only standard of living you can possibly survive with, that’s a choice.
I also want to reiterate that I’m not judging the people who choose to work there. I’m just saying that by signing the employment contract they accept the reasonable public perception that the products they work on are shit. And to some marginal degree, they are complicit in all their employer’s wrongdoings.
1400 ISIS (the islamist state) terrorists who made their way to the US, identified by the DHS.
Look at the list here. 2084 pages already, 12 entries per page: that's 25 000 criminals. They're listing their crimes. 25 000 criminals already arrested is a huge lot.
Be honest with yourself and think about the victims.
I'd say a lot of the people joining ICE do believe the US has already enough criminals that are US citizens and want to help stop the insanity that is mass uncontrolled migration.
Out of 600 000 people arrested by ICE, as I understand it already 25 000 are violent criminals that we know of. That's nearly 5% of all those arrested. 1 in 20 people.
Where do you draw the limit? You want full open borders, but at what cost?
I read a lot of "Arrested for: kidnapping, rape".
Is, say, 1 in 100 people coming in being a criminal OK?
Where do you draw the line?
Dems are literally fighting so that sanctuary cities do not hand over convicted criminals to ICE: so that one day they can be released in the streets.
Is this what you want to fight for?
Are you that convinced, from your moral high ground where you judge Microsoft employees and ICE agents, that you'll be on the right side of history?
The real justice is investing in a security system that tracks, investigates, and condemns actual criminals, in a targeted way, so that honest people can live securely and free. Believe it or not, plenty of countries manage to do that pretty well.
Yes.
It really isn't difficult to figure out who the bad guys are, at the moment.
You ask "Is, say, 1 in 100 people coming in being a criminal OK?"
Well, considering that about 1.4% of the overall population is currently incarcerated in our "Land of the Free", yeah, 1 in 100 would be an improvement!
People are against ICE in growing numbers because of their tactics of running around hiding their identities like bandits and gestapo thugs. Their ignoring of court orders, constant lies, constant blatant violations of the 1st, 2nd, 4th amendments, and violations of the rights of people such as immigrants following the processes of asylum, several citizens that have been arrested wrongly, and the terrible torturous treatment and the joy and pride this corrupt disgusting administration takes in being cruel to people!
If SWAT started driving around gunning people down in the street but every last "victim" turned out to be guilty of murder would that be okay? I certainly don't think so. There's a legal process that needs to be followed.
Yes, you can bypass HW checks to install it on a pentium 4 if you want, nothing new here.
>What is missing here that was present when this same computer was running Windows 10?
All the security features I listed in the comment above.
This computer had the security features that you listed while it was running Windows 10, and now that it is running Windows 11 it is lacking them?
(I'm not trying to be snarky. That's simply an astonishing concept to me.)
> > What is missing here that was present when this same computer was running Windows 10?
> All the security features I listed in the comment above.
I don't know if that's your intention but that's what I'm reading.
I genuinely hope you don't agree with that reading, because I doubt you'd have a nice life with that outlook. You'd be very unlikable.
It's not about "lesser" jobs being actually lesser. The point is that you don't actually have a choice. Big companies that nobody likes are in control of the economy and you can't do anything except join the unemployed until you get rehired from the pool of desperate people willing to do their bidding.
(All of this with a grain of salt. Not literally everyone is in this situation, but there are certainly many who are.)
I'm just saying, maybe don't be so quick to judge.
> you can't do anything except join the unemployed until you get rehired from the pool of desperate people willing to do their bidding.
So there is a choice then. Does unemployment kill you in some way? Is going to a food bank a death sentence? Can you not adjust your lifestyle spending to match a lower salary if it means getting a job sooner? Is there no way to save up for periods of unemployment so you can be choosy about your next job?
Everything you do in life is a choice.
Look at yourself:
> Having kids is also a bullshit excuse. Choosing comfort over conscience is your prerogative but you’re just teaching your kids the same values.
Your conscience tells you that children should be forced to sleep in shelters and eat from food banks just so that you won't have to see ads when you use Microsoft Windows.
Please DON'T teach anyone your values. Your moral compass points to the trash.
I'm out bro. Cheers.